How a security incident impacted one cybersecurity CEO
How a security incident impacted one cybersecurity CEO
Publish Date: 2026-02-06 16:11:00
Source Domain: www.itbrew.com
’Twas the night before Christmas, when all through the house, not a creature was stirring, not even a mouse…but don’t get too comfortable, because this isn’t your traditional Christmas tale.
Howard Ting was at home on Christmas Day 2024, playing with his kids, when he received a phone call from the CSO of Cyberhaven, alerting him to a security professional’s worst nightmare: an employees’ account had been compromised and used to upload a malicious version of its Chrome extension to select accounts.
“It was an incredible roller-coaster of emotions,” Ting, Cyberhaven’s CEO at the time, told IT Brew. Cyberhaven had just wrapped up a “phenomenal year,” in his words: its valuation grew from $150 million to $1 billion, and it had added several marquee customers while concluding a series D funding round.
“I was on the highest of highs, and then less than two days later, I’m in the depths of, ‘Wow, could this kill our company?’” Ting, now the CEO of identity governance company Opal Security, recalled.
I remember it like it was yesterday. In a December 2024 blog post—penned by Ting and published two days after the incident was discovered—the company confirmed the cyberattack occurred on Christmas Eve after a threat actor compromised a Cyberhaven employee account through a phishing attack.
“The attacker was able to basically harvest the tokens or credentials of that developer and get access to our Chrome Store account,” Ting said. “With access to our Chrome Store account, through APIs, they were able to update a malicious version of the extension to our account, which then subsequently got published and deployed to some of our customers.”
Ting said the developer discovered and reported the incident early on Christmas Day, triggering the company to jump into incident-response mode. While Cyberhaven’s CSO took the lead on the investigation, Ting recalled several decisions he had to make in his role as CEO.
“How much do you disclose?…
